Hackers can figure out passwords just from the sound of typing

'I think smartphone makers are going to have to go back to the drawing board,' a security researcher warns

Anthony Cuthbertson
Monday 19 August 2019 14:44 EDT
Comments
Smartphone microphones are advanced enough to pick up the sound signals of different keys on a keyboard
Smartphone microphones are advanced enough to pick up the sound signals of different keys on a keyboard (Getty Images/iStockphoto)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Hackers can figure out a person’s password by simply listening to them type on a keyboard, cyber security according to a new study.

Using the microphone found on a smartphone, the new method is so effective that it can be carried out in a noisy public space where multiple people are typing, researchers at Southern Methodist University in Texas found.

They discovered the technique by analysing the different sound waves produced when a key on a keyboard is struck.

After processing the acoustic signals, they were able to decode which keys were struck and in which order. This method could be used not only to crack a person’s password, but also decipher someone’s private emails or messages.

“Based on what we found, I think smartphone makers are going to have to go back to the drawing board and make sure they are enhancing the privacy with which people have access to these sensors in a smartphone,” said Eric Larson, an assistant professor at SMU who helped lead the study.

Smartphone apps often require users to accept permission for the app to access the device’s microphone as part of their terms of service.

This is usually to facilitate certain functions of the app, however it is conceivable that hackers could either create malicious apps for the purpose of spying, or hack existing apps in order to secretly hijack a phone’s microphone.

“We were looking at security holes that might exist when you have these ‘always-on’ sensing devices – that being your smartphone,” Dr Larson said. "We wanted to understand if what you’re typing on your laptop, or any keyboard for that matter, could be sensed by just those mobile phones that are sitting on the same table. The answer was a definite, ‘yes’.”

Support free-thinking journalism and attend Independent events

The researchers warned that the victim would have no idea that they are being hacked, however there are certain caveats to the method.

The attacker would need to know the material type of the table that the victim is typing on, as metal and wood surfaces produce different sound wave patterns.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in